file requested must be scanned before delivery to the end user. Second, the filer opens a channel to one of the external computing
devices and sends the filename. Third, the external computing device opens the file and scans it. Fourth, the external computing
device notifies the filer of the results of the file scan operation. Fifth, the filer sends the file to the end user provided the status indicates
it may do so.
DECENTRALIZED APPLIANCE VIRUS SCANNING

Background of the Invention

1. Field of the Invention

This invention relates to virus scanning in a networked environment.

2. Related Art

Computer networking and the Internet in particular offer end users
unprecedented access to information of all types on a global basis. Access to
information can be as simple as connecting some type of computing device using a
standard phone line to a network. With the proliferation of wireless communication,
users can now access computer networks from practically anywhere.

Connectivity of this magnitude has magnified the impact of computer
viruses. Viruses such as "Melissa" and "I love you" had a devastating impact on
computer systems worldwide. Costs for dealing with viruses are often measured in
millions and tens of millions of dollars. Recently it was shown that hand-held
computing devices are also susceptible to viruses.

Virus protection software can be very effective in dealing with viruses,
and virus protection software is widely available for general computing devices such
as personal computers. There are, however, problems unique to specialized
computing devices, such as filers (devices dedicated to storage and retrieval of data).
Off-the-shelf virus protection software will not run on a specialized computing device
unless it is modified to do so, and it can be very expensive to rewrite software to work
on another platform.
A first known method is to scan for viruses at the data source. When
the data is being provided by a specialized computing device the specialized
computing device must be scanned. Device-specific virus protection software must
be written in order to scan the files on the device.

While this first known method is effective in scanning files for viruses,
it suffers from several drawbacks. First, a company with a specialized computing
device would have to dedicate considerable resources to creating virus protection
software and maintaining up-to-date data files that protect against new viruses as they
emerge.


Additionally, although a manufacturer of a specialized computing
device could enlist the assistance of a company that creates mainstream virus
protection software to write the custom application and become a licensee, this would
create other problems, such as reliance on the chosen vendor of the anti-virus
software, compatibility issues when hardware upgrades are effected, and a large
financial expense.


A second known method for protecting against computer viruses is to
have the end user run anti-virus software on their client device. Anti-virus software
packages are offered by such companies as McAfee and Symantec. These programs
are loaded during the boot stage of a computer and work as a background job
monitoring memory and files as they are opened and saved.

While this second known method is effective at intercepting and
protecting the client device from infection, it suffers from several drawbacks. It
places the burden of detection at the last possible link in the chain. If for any reason
the virus is not detected prior to reaching the end user it is now at the computing
device where it will do the most damage (corrupting files and spreading to other
computer users and systems).

It is much better to sanitize a file at the source from where it may be
delivered to millions of end users rather than deliver the file and hope that the end
user is prepared to deal with the file in the event the file is infected. End users often
have older versions of anti-virus software and/or have not updated the data files that
ensure the software is able to protect against newly discovered viruses, thus making
detection at the point of mass distribution even more critical.

Also, hand-held computing devices are susceptible to viruses, but they
are poorly equipped to handle them. Generally, hand-held computing devices have
very limited memory resources compared to desktop systems. Dedicating a portion
of these resources to virus protection severely limits the ability of the hand-held
device to perform effectively. Reliable virus scanning at the information source is the
most efficient and effective method.

Protecting against viruses is a constant battle. New viruses are created
every day, requiring virus protection software manufacturers to come up with new data
files (solution algorithms used by anti-virus applications). By providing protection at
the source of the file, viruses can be eliminated more efficiently and effectively.

Security of data in general is important. Equally important is the trust
of the end user. This comes from the reputation that precedes a company, and
companies that engage in web commerce often live and die by their reputation. Just
like an end user trusts that the credit card number they have just disclosed for a
web-based sales transaction is secure they want files they receive to be just as secure.

Accordingly, it would be desirable to provide a technique for scanning
specialized computing devices for viruses and other malicious or unwanted content
that may need to be changed, deleted, or otherwise modified.

WO 02/44862 PCT/US01/46688

Summary of the Invention 

The invention provides a method and system for scanning specialized
computing devices (such as filers) for viruses. In a preferred embodiment, a filer is
connected to one or more supplementary computing devices that scan requested files
to ensure they are virus free prior to delivery to end users. When an end user requests
a file from the filer the following steps occur: First, the filer determines whether the
file requested must be scanned before delivery to the end user. Second, the filer
opens a channel to one of the external computing devices and sends the filename.
Third, the external computing device opens the file and scans it. Fourth, the external
computing device notifies the filer of the status of the file scan operation. Fifth, the filer
sends the file to the end user provided the status indicates it may do so.

This system is very efficient and effective as a file needs only to be
scanned one time for a virus unless the file has been modified or new data files that
protect against new viruses have been added. Scan reports for files that have been
scanned may be stored in one or more of the external computing devices, in one or
more filers, and some portion of a scan report may be delivered to end users.

In alternative embodiments of the invention one or more of the external
computing devices may be running other supplementary applications, such as file
compression and encryption, independently or in some combination.

Brief Description of the Drawings

Figure 1 shows a block diagram of a system for decentralized appliance
virus scanning.

Figure 2 shows a process flow diagram for a system for decentralized
virus scanning.

Detailed Description of the Preferred Embodiment

In the following description, a preferred embodiment of the invention is
described with regard to preferred process steps and data structures. Those skilled in
the art would recognize after perusal of this application that embodiments of the
invention can be implemented using one or more general purpose processors or
special purpose processors or other circuits adapted to particular process steps and
data structures described herein, and that implementation of the process steps and
data structures described herein would not require undue experimentation or further
invention.


Lexicography 

The following terms refer or relate to aspects of the invention as
described below. The descriptions of general meanings of these terms are not
intended to be limiting, only illustrative.


• Virus — in general, a manmade program or piece of code that is loaded onto a
computer without the computer user's knowledge and runs against their
wishes. Most viruses can also replicate themselves, and the more dangerous
types of viruses are capable of transmitting themselves across networks and
bypassing security systems.

• client and server — in general, these terms refer to a relationship between two
devices, particularly to their relationship as client and server, not necessarily to
any particular physical devices.

For example, but without limitation, a particular client device in a first
relationship with a first server device, can serve as a server device in a second
relationship with a second client device. In a preferred embodiment, there are
generally a relatively small number of server devices servicing a relatively
larger number of client devices.


• client device and server device — in general, these terms refer to devices
taking on the role of a client device or a server device in a client-server
relationship (such as an HTTP web client and web server). There is no
particular requirement that any client devices or server devices must be
individual physical devices. They can each be a single device, a set of
cooperating devices, a portion of a device, or some combination thereof.

For example, but without limitation, the client device and the server device in
a client-server relation can actually be the same physical device, with a first set
of software elements serving to perform client functions and a second set of
software elements serving to perform server functions.

• web client and web server (or web site) — as used herein the terms "web
client" and "web server" (or "web site") refer to any combination of devices or
software taking on the role of a web client or a web server in a client-server
environment in the internet, the world wide web, or an equivalent or extension
thereof. There is no particular requirement that web clients must be individual
devices. They can each be a single device, a set of cooperating devices, a
portion of a device, or some combination thereof (such as for example a device
providing web server services that acts as an agent of the user).

As noted above, these descriptions of general meanings of these terms
are not intended to be limiting, only illustrative. Other and further applications of the
invention, including extensions of these terms and concepts, would be clear to those
of ordinary skill in the art after perusing this application. These other and further
applications are part of the scope and spirit of the invention, and would be clear to
those of ordinary skill in the art, without further invention or undue experimentation.

Figure 1 shows a block diagram of a system for decentralized appliance
virus scanning.

A system 100 includes a client device 110 associated with a user 111, a
communications network 120, a filer 130, and a processing cluster 140.

The client device 110 includes a processor, a main memory, and
software for executing instructions (not shown, but understood by one skilled in the
art). Although the client device 110 and filer 130 are shown as separate devices there
is no requirement that they be physically separate.

In a preferred embodiment, the communication network 120 includes
the Internet. In alternative embodiments, the communication network 120 may
include alternative forms of communication, such as an intranet, extranet, virtual
private network, direct communication links, or some other combination or
conjunction thereof.

A communications link 115 operates to couple the client device 110 to
the communications network 120.


The filer 130 includes a processor, a main memory, software for
executing instructions (not shown, but understood by one skilled in the art), and a
mass storage 131. Although the client device 110 and filer 130 are shown as separate
devices there is no requirement that they be separate devices. The filer 130 is
connected to the communications network 120.

The mass storage 131 includes at least one file 133 that is capable of
being requested by a client device 110.

The processing cluster 140 includes one or more cluster device 141
each including a processor, a main memory, software for executing instructions, and a
mass storage (not shown but understood by one skilled in the art). Although the filer
130 and the processing cluster 140 are shown as separate devices there is no
requirement that they be separate devices.


In a preferred embodiment the processing cluster 140 is a plurality of
personal computers in an interconnected cluster capable of intercommunication and
direct communication with the filer 130.

The cluster link 135 operates to connect the processing cluster 140 to
the filer 130. The cluster link 135 may include non-uniform memory access
(NUMA), or communication via an intranet, extranet, virtual private network, direct
communication links, or some other combination or conjunction thereof.

Method of Operation 

Figure 2 shows a process flow diagram for a system for decentralized 
appliance virus scanning. 

A method 200 includes a set of flow points and a set of steps. The
system 100 performs the method 200. Although the method 200 is described serially,
the steps of the method 200 can be performed by separate elements in conjunction or
in parallel, whether asynchronously, in a pipelined manner, or otherwise. There is no
particular requirement that the method 200 be performed in the same order in which
this description lists the steps, except where so indicated.

At a flow point 200, the system 100 is ready to begin performing the
method 200.

At a step 201, a user 111 utilizes the client device 110 to initiate a
request for a file 133. The request is transmitted to the filer 130 via the
communications network 120. In a preferred embodiment the filer 130 is performing
file retrieval and storage at the direction of a web server (not shown but understood
by one skilled in the art).

At a step 203, the filer 130 receives the request for the file 133 and
sends the file ID and path of the file 133 to the processing cluster 140 where it is
received by one of the cluster device 141.

At a step 205, the cluster device 141 uses the file ID and path to open
the file 133 in the mass storage 131 of the filer 130.

At a step 207, the cluster device 141 scans the file 133 for viruses. In a
preferred embodiment, files are tasked to the processing cluster 140 in a round robin
fashion. In alternative embodiments files may be processed individually by a cluster
device 141, by multiple cluster device 141 simultaneously, or some combination
thereof. Load balancing may be used to ensure maximum efficiency of processing
within the processing cluster 140.

There are several vendors offering virus protection software for
personal computers, thus the operator of the filer 130 may choose whatever product
they would like to use. They may even use combinations of vendors' products in the
processing cluster 140. In an alternative embodiment of the invention, continual
scanning of every file 133 on the filer 130 may take place.

The processing cluster 140 is highly scalable. The price of personal
computers is low compared to dedicated devices, such as filers, therefore this
configuration is very desirable. Additionally, a cluster configuration offers redundant
systems availability in case a cluster device 141 fails - failover and takeover is also
possible within the processing cluster.

At a step 209, the cluster device 141 transmits a scan report to the filer
130. The scan report primarily reports whether the file is safe to send. Further
information may be saved for statistical purposes (for example, how many files have
been identified as infected, was the virus software able to sanitize the file or was the
file deleted) to a database. The database may be consulted to determine whether the
file 133 needs to be scanned before delivery upon receipt of a subsequent request. If
the file 133 has not changed since it was last scanned and no additional virus data
files have been added to the processing cluster, the file 133 probably does not need to
be scanned. This means the file 133 can be delivered more quickly.

Other intermediary applications may also run separately, in conjunction
with other applications, or in some combination thereof within the processing cluster
140. Compression and encryption utilities are some examples of these applications.
These types of applications, including virus scanning, can be very CPU intensive,
thus outsourcing can yield better performance by allowing a dedicated device like a
filer to do what it does best and farm out other tasks to the processing cluster 140.

At a step 211, the filer 130 transmits or does not transmit the file 133 to
the client 110 based on its availability as reported following the scan by the
processing cluster 140. Some portion of the scan report may also be transmitted to
the user.

At this step, a request for a file 133 has been received, the request has
been processed, and if possible a file 133 has been delivered. The process may be
repeated at step 201 for subsequent requests.
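
The request flow of steps 201 to 211, sketched in Python as an added example; this is not code from the patent. The class names, the SHA-256 digest used to detect a changed file, the substring match standing in for a real scanner, the policy of withholding a file when no scanner answers, and the sample paths and signatures are all assumptions constructed for illustration.

```python
import hashlib
import itertools
from dataclasses import dataclass


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Definitions:
    """Virus data files shared by the cluster (signatures here are constructed)."""
    def __init__(self, signatures):
        self.signatures, self.version = list(signatures), 1

    def add(self, signature: bytes) -> None:
        self.signatures.append(signature)
        self.version += 1  # a new data file makes older scan reports stale


@dataclass(frozen=True)
class ScanReport:
    safe: bool
    content_digest: str       # digest of the bytes that were scanned
    definitions_version: int  # data files in force at scan time
    scanned_by: str


class ClusterDevice:
    """Stand-in for a cluster device 141; substring matching replaces a real scanner."""
    def __init__(self, name, definitions, online=True):
        self.name, self.definitions, self.online = name, definitions, online

    def scan(self, storage, path) -> ScanReport:
        if not self.online:
            raise ConnectionError(f"{self.name} unreachable")
        data = storage[path]  # step 205: open the file on the filer's mass storage
        infected = any(sig in data for sig in self.definitions.signatures)
        return ScanReport(not infected, digest(data), self.definitions.version, self.name)


class Filer:
    def __init__(self, storage, cluster, definitions):
        self.storage, self.cluster, self.definitions = storage, cluster, definitions
        self._round_robin = itertools.cycle(cluster)
        self.reports, self.scans_run = {}, 0  # path -> ScanReport database; scan counter

    def needs_scan(self, path) -> bool:
        report = self.reports.get(path)
        return (report is None
                or report.content_digest != digest(self.storage[path])      # file changed
                or report.definitions_version != self.definitions.version)  # new data files

    def _dispatch(self, path):
        # Step 203: round robin over the cluster, failing over past dead devices.
        for _ in range(len(self.cluster)):
            device = next(self._round_robin)
            try:
                report = device.scan(self.storage, path)
            except ConnectionError:
                continue
            self.scans_run += 1
            return report
        return None

    def handle_request(self, path):
        """Steps 201-211: return (file bytes or None, status) for the client."""
        if path not in self.storage:
            return None, "not found"
        if self.needs_scan(path):
            report = self._dispatch(path)
            if report is None:
                # Assumed policy: with no scan report, the file is not sent.
                return None, "unavailable: no scanner reachable"
            self.reports[path] = report
        report = self.reports[path]
        if not report.safe:
            return None, "unavailable: infected"
        return self.storage[path], f"clean (scanned by {report.scanned_by})"


def demo():
    defs = Definitions([b"EVIL-TEST-PATTERN"])
    cluster = [ClusterDevice("pc-a", defs), ClusterDevice("pc-b", defs, online=False),
               ClusterDevice("pc-c", defs)]
    storage = {"/vol0/report.txt": b"quarterly numbers",
               "/vol0/tool.bin": b"header NEWWORM-MARK payload"}
    filer = Filer(storage, cluster, defs)
    statuses = [filer.handle_request("/vol0/report.txt")[1],  # first request: scanned
                filer.handle_request("/vol0/report.txt")[1],  # unchanged: report reused
                filer.handle_request("/vol0/tool.bin")[1]]    # pc-b is down: fails over
    defs.add(b"NEWWORM-MARK")                                 # new virus data file arrives
    statuses.append(filer.handle_request("/vol0/tool.bin")[1])
    storage["/vol0/report.txt"] = b"quarterly numbers, revised"  # file is modified
    statuses.append(filer.handle_request("/vol0/report.txt")[1])
    return statuses, filer.scans_run


if __name__ == "__main__":
    print(demo())
```

Five requests trigger four scans: the repeated request for an unchanged file is answered from the stored report, while the new data file and the modified file each force a rescan.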

Generality of the Invention 


The invention has wide applicability and generality to other aspects of 
processing requests for files. 

The invention is applicable to one or more of, or some combination of,
circumstances such as those involving:

• file compression;

• file encryption; and

• general outsourcing of CPU intensive tasks from dedicated appliances to
general purpose computers.

Alternative Embodiments

Although preferred embodiments are disclosed herein, many variations
are possible which remain within the concept, scope, and spirit of the invention, and
these variations would become clear to those skilled in the art after perusal of this
application.

1. A method for operating a filer including the steps of:
receiving at a first location a request from a user for an object;
processing said request at a second location, wherein said step of
processing includes at least one of the following: (1) searching for one or more
recognizable patterns of data within said object, (2) compressing said object, and (3)
encrypting said object;
responding to said request, wherein said step of responding includes
delivery of a response to said user.

2. The method of claim 1, wherein said request is in an electronic form.

3. The method of claim 1, wherein said object is a file. 

4. The method of claim 3, wherein said step of processing said request
further includes the steps of:
creating an access path from said filer to a processing cluster;
processing said file in said processing cluster; and
generating a scan report wherein, said scan report is responsive to said
processing of said file in said processing cluster.

5. The method of claim 4, wherein said step of creating an access path
includes sending the ID and path of said file from said filer to said processing cluster.

6. The method of claim 5, wherein said step of sending is accomplished 
using non-uniform memory access. 

7. The method of claim 5, wherein said step of sending is accomplished
using a communications network.

8. The method of claim 5, wherein said step of sending is accomplished
using a direct connection.

9. The method of claim 4, wherein said step of processing of said file is
performed by said processing cluster in a round robin fashion for subsequent files
received.

10. The method of claim 4, wherein said step of processing of said file
is accomplished in parts by more than one device in said processing cluster.

11. The method of claim 4, wherein all files stored on said filer are
scanned in a logical continuous manner.

12. The method of claim 4, wherein said scan report contains a set of
status data relating to said processing of said file.

13. The method of claim 12, wherein said status data includes at least
one data element identifying the presence or non-presence of a virus in said file.

14. The method of claim 13, wherein said report is transferred to said
filer.


15. The method of claim 14, wherein said report is stored in a first 


16. The method of claim 15, wherein the necessity for subsequent
scanning of said file is a function of determining whether said database contains said
report relating to said file and whether said file has changed since last accessed.

17. The method of claim 16, wherein the necessity for subsequent
scanning of said file is a function of determining whether additional virus
identification data files have been added to said processing cluster.

18. The method of claim 1, wherein said delivery of a response is said
file.

19. The method of claim 1, wherein said delivery of a response
includes notification to said user that said file is unavailable.

20. The method of claim 1, wherein said step of responding to said
request includes sending said user a copy of said scan report.


21. An apparatus for operating a filer including:
means for receiving at a first location a request from a user for an
object;
means for processing said request at a second location, wherein said
means for processing includes at least one of the following: (1) means for searching
for one or more recognizable patterns of data within said object, (2) means for
compressing said object, and (3) means for encrypting said object;
means for responding to said request, wherein said means for
responding includes delivery of a response to said user.

22. The apparatus of claim 21, wherein said object is a file.

23. The apparatus of claim 22, wherein said means for processing said
request further includes:
means for creating an access path from said filer to a processing cluster;
means for processing said file in said processing cluster; and
means for generating a scan report wherein, said scan report is
responsive to said processing of said file in said processing cluster.

24. The apparatus of claim 23, wherein said means for creating an
access path includes means for sending the ID and path of said file from said filer to
said processing cluster.

25. The apparatus of claim 24, wherein said sending is accomplished
using non-uniform memory access.

26. The apparatus of claim 24, wherein said sending is accomplished
using a communications network.

27. The apparatus of claim 24, wherein said sending is accomplished
using a direct connection.

28. The apparatus of claim 23, wherein said processing of said file is
performed by said processing cluster in a round robin fashion for subsequent files
received.

29. The apparatus of claim 23, wherein said processing of said file is
performed on atomic units of said file by more than one device in said processing
cluster.

30. The apparatus of claim 23, wherein all files stored on said filer are
scanned in a logical continuous manner.

31. The apparatus of claim 23, wherein said scan report contains a set
of status data relating to said processing of said file.

32. The apparatus of claim 31, wherein said status data includes at least
one data element identifying the presence or non-presence of a virus in said file.

33. The apparatus of claim 31, wherein said report is transferred to said
filer.

34. The apparatus of claim 33, wherein said report is stored in a first
database.

35. The apparatus of claim 34, wherein the necessity for subsequent
scanning of said file is a function of determining whether said database contains said
report relating to said file and whether said file has changed since last accessed.

36. The apparatus of claim 35, wherein the necessity for subsequent
scanning of said file is a function of determining whether additional virus
identification data files have been added to said processing cluster.

37. The apparatus of claim 21, wherein said delivery of a response is
delivery of said file.

38. The apparatus of claim 21, wherein said delivery of a response
includes delivery of notification to said user that said file is unavailable.

39. The apparatus of claim 21, wherein said responding to said request
includes sending said user some portion of said scan report.

40. A method of attempting to provide virus protection in a client-
server environment, comprising the steps of:
receiving a request at a server for a file;
sending an identifier for the file to a scanning device that scans the file
for viruses;
receiving an indication from the scanning device as to whether or not
the file is safe to send from the server, and
responding to the request by sending the file if the indication is that the
file is safe to send.

41. A method as in claim 40, wherein the scanning device indicates
that the file is safe to send if the scanning device determines that the file is not
infected with any viruses.

42. A method as in claim 40, wherein the request is received from and
the file is sent to a client device.

43. A method as in claim 40, wherein the server is a web server.

44. A method as in claim 40, wherein the scanning device is one of a
cluster of devices connected to the server that function similarly to the scanning
device.

45. A method as in claim 44, wherein the cluster of devices is a cluster
of interconnected personal computers.

46. A method of attempting to provide virus protection in a client-
server environment, comprising the steps of:
maintaining a database that indicates if files served by a server are safe
to send from the server,
receiving a request at the server for a file;
if the database indicates that the file is safe to send, responding to the
request by sending the file; and
if the database does not indicate that the file is safe to send, then
sending an identifier for the file to a scanning device that scans the file for viruses,
receiving an indication from the scanning device as to whether or not the file is safe
to send from the server, and responding to the request by sending the file if the
indication is that the file is safe to send.

47. A method as in claim 46, wherein maintaining the database further
comprises the steps of:
tracking received indications from the scanning device; and
tracking accesses to the file.

48. A method as in claim 47, wherein a tracked indication in the
database that the file is safe to send is cancelled if the file has changed since the
tracked indication was incorporated into the database.

49. A method as in claim 46, wherein the scanning device indicates
that the file is safe to send if the scanning device determines that the file is not
infected with any viruses.

50. A method as in claim 46, wherein the request is received from and
the file is sent to a client device.

51. A method as in claim 46, wherein the server is a web server.

52. A method of attempting to provide virus protection in a client-
server environment, comprising the steps of:
receiving from a server, at a scanning device connected to the server, an
identifier for a file stored on mass storage for the server,
scanning the file for viruses; and
reporting an indication to the server as to whether or not the file is
infected.

53. A method as in claim 52, further comprising the step of changing,
deleting, or otherwise modifying the file based on a result of scanning the file for
viruses.

54. A method as in claim 52, wherein the server is a web server.

55. A method as in claim 52, wherein the scanning device is one of a
cluster of devices connected to the server that function similarly to the scanning
device.

56. A method as in claim 55, wherein the cluster of devices is a cluster
of interconnected personal computers.

57. A server that attempts to provide virus protection in a client-server
environment, comprising:
a communication link to client devices;
mass storage for files; and
a processor that executes instructions in order to send requested files to
the client devices, the instructions also including instructions (a) to receive a request
for a file, (b) to send an identifier for the file to a scanning device that scans the file
for viruses, (c) to receive an indication from the scanning device as to whether or not
the file is safe to send from the server, and (d) to respond to the request by sending
the file if the indication is that the file is safe to send.

58. A server as in claim 57, wherein the scanning device indicates that
the file is safe to send if the scanning device determines that the file is not infected
with any viruses.

59. A server as in claim 57, wherein the request is received from and
the file is sent to a client device.

60. A server as in claim 57, wherein the server is a web server.

61. A server as in claim 57, wherein the scanning device is one of a
cluster of devices connected to the server that function similarly to the scanning
device.

62. A server as in claim 61, wherein the cluster of devices is a cluster
of interconnected personal computers.

63. A server that attempts to provide virus protection in a client-server
environment, comprising:
a communication link to client devices;
mass storage for files; and
a processor that executes instructions in order to send requested files to
the client devices, the instructions also including instructions (a) to maintain a
database that indicates if files served by a server are safe to send from the server, (b)
to receive a request at the server for a file, (c) if the database indicates that the file is
safe to send, to respond to the request by sending the file, and (d) if the database does
not indicate that the file is safe to send, then to send an identifier for the file to a
scanning device that scans the file for viruses, to receive an indication from the
scanning device as to whether or not the file is safe to send from the server, and to
respond to the request by sending the file if the indication is that the file is safe to
send.

64. A server as in claim 63, wherein the instructions to maintain the
database further comprise instructions to track received indications from the scanning
device, and to track accesses to the file.

65. A server as in claim 64, wherein a tracked indication in the
database that the file is safe to send is cancelled if the file has changed since the
tracked indication was incorporated into the database.
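
The database logic of claims 63 to 65, sketched as an added example that is not part of the patent text. The class names, the SHA-256 digest used to detect a changed file, and the marker-matching scanner are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

TEST_MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed; not a real signature


@dataclass
class ScanningDevice:
    """Stand-in scanner that reads the server's storage by file identifier."""
    storage: dict          # identifier -> bytes, shared with the server
    scans: int = 0

    def scan(self, ident: str) -> bool:
        """Return the indication: True if the file is safe to send."""
        self.scans += 1
        return TEST_MARKER not in self.storage[ident]


@dataclass
class Server:
    storage: dict
    scanner: ScanningDevice
    db: dict = field(default_factory=dict)  # identifier -> tracked record

    def serve(self, ident: str):
        """Return the file's bytes if it is safe to send, otherwise None."""
        data = self.storage[ident]
        digest = hashlib.sha256(data).hexdigest()  # assumed change detector
        rec = self.db.setdefault(ident, {"safe": False, "digest": None, "accesses": 0})
        rec["accesses"] += 1  # claim 64: track accesses to the file
        # Claim 65: a tracked "safe" indication is cancelled once the file changes.
        if rec["safe"] and rec["digest"] != digest:
            rec["safe"] = False
        # Claim 63(d): the database does not indicate safe, so ask the scanner.
        if not rec["safe"]:
            rec["safe"] = self.scanner.scan(ident)  # claim 64: track the indication
            rec["digest"] = digest
        return data if rec["safe"] else None


def demo():
    storage = {"report.doc": b"quarterly numbers"}  # constructed sample file
    scanner = ScanningDevice(storage)
    server = Server(storage, scanner)
    first = server.serve("report.doc")       # unknown file: scanned, then sent
    second = server.serve("report.doc")      # database hit: no second scan
    scans_after_hit = scanner.scans
    storage["report.doc"] = b"edited " + TEST_MARKER  # file changes on disk
    third = server.serve("report.doc")       # stale indication cancelled, rescanned
    return first, second, scans_after_hit, third, scanner.scans
```

The bytes that are hashed are the same bytes that are returned, so a file modified between the check and the send cannot ride on an older "safe" record.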

66. A server as in claim 63, wherein the scanning device indicates that
the file is safe to send if the scanning device determines that the file is not infected
with any viruses.

67. A server as in claim 63, wherein the request is received from and
the file is sent to a client device.


68. A server as in claim 63, wherein the server is a web server.

69. A scanning device that attempts to provide virus protection for a
server in a client-server environment, comprising:

a communication link to the server; and

a processor that executes instructions, the instructions including
instructions (a) to receive from the server an identifier for a file stored on mass
storage for the server, (b) to scan the file for viruses, and (c) to report an indication to
the server as to whether or not the file is infected.

70. A scanning device as in claim 69, wherein the instructions further
comprise instructions to change, delete, or otherwise modify the file based on a result
of scanning the file for viruses.

71. A scanning device as in claim 69, wherein the server is a web
server.

72. A scanning device as in claim 69, wherein the scanning device is
one of a cluster of devices connected to the server that function similarly to the
scanning device.

73. A scanning device as in claim 72, wherein the cluster of devices is
a cluster of interconnected personal computers.

74. Storage containing information including instructions, the
instructions executable by a processor to attempt to provide virus protection in a
client-server environment, the instructions comprising the steps of:

receiving a request at a server for a file;

sending an identifier for the file to a scanning device that scans the file
for viruses;

receiving an indication from the scanning device as to whether or not
the file is safe to send from the server; and

responding to the request by sending the file if the indication is that the
file is safe to send.

75. Storage as in claim 74, wherein the scanning device indicates that
the file is safe to send if the scanning device determines that the file is not infected
with any viruses.

76. Storage as in claim 74, wherein the request is received from and the 
file is sent to a client device. 


77. Storage as in claim 74, wherein the server is a web server.

78. Storage as in claim 74, wherein the scanning device is one of a
cluster of devices connected to the server that function similarly to the scanning
device.


79. Storage as in claim 78, wherein the cluster of devices is a cluster of
interconnected personal computers.

80. Storage containing information including instructions, the
instructions executable by a processor to attempt to provide virus protection in a
client-server environment, the instructions comprising the steps of:

maintaining a database that indicates if files served by a server are safe
to send from the server;

receiving a request at the server for a file;

if the database indicates that the file is safe to send, responding to the
request by sending the file; and

if the database does not indicate that the file is safe to send, then
sending an identifier for the file to a scanning device that scans the file for viruses,
receiving an indication from the scanning device as to whether or not the file is safe
to send from the server, and responding to the request by sending the file if the
indication is that the file is safe to send.


81. Storage as in claim 80, wherein maintaining the database further
comprises the steps of:

tracking received indications from the scanning device; and
tracking accesses to the file.

82. Storage as in claim 81, wherein a tracked indication in the database
that the file is safe to send is cancelled if the file has changed since the tracked
indication was incorporated into the database.

83. Storage as in claim 80, wherein the scanning device indicates that
the file is safe to send if the scanning device determines that the file is not infected
with any viruses.

84. Storage as in claim 80, wherein the request is received from and the
file is sent to a client device.


85. Storage as in claim 80, wherein the server is a web server.

86. Storage containing information including instructions, the
instructions executable by a processor to attempt to provide virus protection in a
client-server environment, the instructions comprising the steps of:

receiving from a server, at a scanning device connected to the server, an
identifier for a file stored on mass storage for the server;

scanning the file for viruses; and

reporting an indication to the server as to whether or not the file is
infected.

87. Storage as in claim 86, wherein the instructions further comprise
the step of changing, deleting, or otherwise modifying the file based on a result of
scanning the file for viruses.

88. Storage as in claim 86, wherein the server is a web server.

89. Storage as in claim 86, wherein the scanning device is one of a
cluster of devices connected to the server that function similarly to the scanning
device.

90. Storage as in claim 89, wherein the cluster of devices is a cluster of
interconnected personal computers.